package net.esj.auth.inst.struts2.bg;

import javax.servlet.http.HttpServletRequest;

import org.springframework.beans.factory.annotation.Autowired;

import net.esj.auth.pojo.CoreAdmin;
import net.esj.background.support.AccessDepend;
import net.esj.basic.core.view.RequestUtils;
import net.esj.basic.core.view.tools.AgentContext;
import net.esj.basic.service.provider.UserRuleProvider;
import net.esj.basic.utils.SessionKeyConstants;

import com.opensymphony.xwork2.ActionInvocation;

public class AuthStrutsAccessDepend implements AccessDepend<ActionInvocation> {

public static final  String ACTION_NON_AUTHORITATIVE = "nonAuth";
	
	private AgentContext agentContext;
	
	@Autowired
	public void setAgentContext(AgentContext agentContext) {
		this.agentContext = agentContext;
	}
	
	@Override
	public boolean canAccess(ActionInvocation t) {
		CoreAdmin admin = UserRuleProvider.getSessionUser(agentContext.getSession(), CoreAdmin.class);
        if(admin==null){
            return false;
        }
        String uri =RequestUtils.getURIWithoutSuffixAndContextPath((HttpServletRequest) agentContext.getRequest());
        if(admin.isAllowed(uri,agentContext.getRequest().getParameterMap())){
        	return true;
        }else{
            return false;
        }
	}

	@Override
	public Class<ActionInvocation> getGenericClass() {
		return ActionInvocation.class;
	}

}
